US proposes ombudsman to allay concerns over data privacy

US and European regulators are rushing to meet a Feb. 2 deadline for renegotiating the transatlantic data pact struck down in October by a European high court. But key differences in how the two regions view privacy rights still remain.

Business Wire/File
Regulators in US and Europe are nearing completion on a deal to reinstate the Safe Harbor data transfer agreement, but some roadblocks remain before the pact is finalized around questions of defining "privacy" in each region.

European and U.S. officials are rushing to finalize a key data transfer pact days before a meeting of EU regulators who are poised to start restricting transatlantic flows of personal data used by firms in the billion dollar online advertising industry.

A new deal is crucial for the many thousands of businesses that until late last year relied on "Safe Harbor," a framework which protected Europeans' data moving to the United States, when it was struck down by an EU court over concerns about U.S. Internet surveillance.

European Union data protection law says companies cannot transfer EU citizens' personal data to countries outside the bloc deemed to have insufficient privacy safeguards -- like the United States.

Revelations of mass U.S. surveillance programs in 2013 prompted the European Commission to demand that Safe Harbour, which helped over 4,000 companies avoid cumbersome EU data transferral rules, be strengthened.

Since the Oct. 6 ruling companies have been in legal limbo. While they can set up alternative legal structures to transfer data to the United States, these have been called into question by the EU's data protection regulators.

The regulators meet in Brussels on Feb. 2-3 to decide whether they should restrict the use of alternative measures as well, such as binding corporate rules and model clauses between companies, causing particular panic in the technology world where companies such as Facebook and Google rely on moving and analyzing reams of users' data to sell targeted advertising.

"I do think that we can reach an agreement before February 2," said Robert Litt, general counsel for the U.S. Director of National Intelligence at a briefing with reporters on Friday.

U.S. officials met a group of EU data protection authorities on Tuesday to discuss the future of Safe Harbour, said a spokeswoman for the French regulator, which chairs the group.

One person familiar with the matter said U.S. ideas for improving oversight of the new data transfer framework - such as creating an "ombudsman" - could change the authorities' view of U.S. rules governing its surveillance practices.

However, the two sides are still at odds over the powers of the new office, whose role would be to respond to complaints from EU citizens and data protection authorities over U.S. surveillance practices.

Max Schrems, the Austrian law student whose complaints against Facebook in Ireland led to Safe Harbor being ruled invalid, sent a letter to European data protection authorities late Thursday urging them to reject claims that U.S. protections against surveillance are "essentially equivalent" to those found in Europe.

"Attempts by lobby groups and the US government to 'reinterpret' or 'overturn the clear judgment of the Union's highest court are fundamentally flawed," Schrems wrote.

The European Commission is pushing for the ombudsman to have the authority to make findings about U.S. surveillance as opposed to just fielding complaints, according to one person familiar with the talks.

Another issue is agreeing on the role European data protection authorities should play in ensuring companies abide by the privacy principles in the new data transfer agreement.

The U.S. Federal Trade Commission, responsible for enforcing privacy laws in the United States, does not have to take up each individual complaint, something that is required by the European Court of Justice in its Oct. 6 ruling.

"Ultimately the DPAs are going to have to be involved," said Julie Brill, U.S. Federal Trade Commissioner, at a conference in Brussels on Thursday.

Negotiators hope to reach a deal by Monday, when the European Commission will inform the European Parliament and member states.

That will enable the Commission to present the new framework to EU data protection regulators at the meeting on Tuesday, said Paul Nemitz, European Commission Director for Fundamental Rights.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.